Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 01/06/2024, 20:07
Static task: static1
Behavioral task: behavioral1
- Sample: 8ba018b35337c6591961a60090b13fa1_JaffaCakes118.html
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 8ba018b35337c6591961a60090b13fa1_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 8ba018b35337c6591961a60090b13fa1_JaffaCakes118.html
- Size: 42KB
- MD5: 8ba018b35337c6591961a60090b13fa1
- SHA1: 7966f53280b1eb234d0348ca2969e981800607f4
- SHA256: d7c9c57ef2dcfa5eb95433d81b27f7a70c5f8bf979f3abe38cf7167afdaa2224
- SHA512: 9ca70a472d6be7cf9e49767f15d6fa59c3624ef9947a5047eb87516b3cdbd88b25ee7065f0a051adbfe933ebe2e884beac284308a66d6a0befffef0cea9dffc9
- SSDEEP: 192:uw3Ab5nRWnQjxn5Q/5nQiesNnxunQOkEnt7rnQTbnxnQmSzxYbt9xGCj7R6adPpe:6Q/Joxe7VRoVwq7
Malware Config
Signatures
- Modifies Internet Explorer settings 31 IoCs
  Registry keys created and values set under \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer by iexplore.exe (PID 2972) and IEXPLORE.EXE (PID 2216)
- Suspicious use of FindShellTrayWindow 1 IoCs
  pid 2972 iexplore.exe
- Suspicious use of SetWindowsHookEx 6 IoCs
  pid 2972 iexplore.exe; 2972 iexplore.exe; 2216 IEXPLORE.EXE; 2216 IEXPLORE.EXE; 2216 IEXPLORE.EXE; 2216 IEXPLORE.EXE
- Suspicious use of WriteProcessMemory 4 IoCs
  PID 2972 (iexplore.exe) wrote to memory of PID 2216 (procid_target 28); 4 identical entries
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ba018b35337c6591961a60090b13fa1_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2972
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2972)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2216
Downloads